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Abstract. We give an axiomatisation of strong bisimilarity on a small fragment of CCS 
that does not feature the sum operator. This axiomatisation is then used to derive con- 
gruence of strong bisimilarity in the finite 7r-calculus in absence of sum. To our knowledge, 
this is the only nontrivial subcalculus of the 7r-calculus that includes the full output prefix 
and for which strong bisimilarity is a congruence. 



In this paper, we study strong bisimilarity on two process calculi. More precisely, we 
establish an axiomatisation for strong bisimilarity on a very restricted fragment of CCS, 
and then use this axiomatisation to derive a new congruence result for the 7r-calculus. 

We first focus on microCCS (//CCS), the subcalculus of CCS that only features prefix 
and parallel composition. Our main result on /iCCS is that adding the following distribution 
law 



to the laws of an abelian monoid for parallel composition yields a complete axiomatisation 
of strong bisimilarity (in the law above, rj is a CCS prefix, of the form a or a, and P is any 
CCS process - the same number of copies of P appear on both sides of the equation). 

The distribution law is not new: it is mentioned - among other 'mixed equations' re- 
lating prefixed terms and parallel compositions - in a study of bisimilarity on normed PA 
processes [10] . In our setting, this equality can be oriented from left to right to rewrite pro- 
cesses into normal forms, which intuitively exhibit as much concurrency as possible. Strong 
bisimilarity (~) between processes is then equivalent to equality of their normal forms. 
This rewriting phase allows us to actually compute unique decompositions of processes into 
prime processes, in the sense of [12]: a process P is prime if P is not bisimilar to the inactive 
process and if P ~ Q \ R implies Q ~ or R ~ 0. 

The distribution law is an equational schema, corresponding to an infinite family of 
axioms, of the form r].(P \ (r].P) k ) = (i].P) k+1 , for k > 1 (where Q k denotes the /c-fold 
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parallel composition of process Q). Some of these axioms are related. For instance, 
we can derive the 6-ary instance of the distribution law (corresponding to k = 5) using 
the binary and the ternary instances: first rewrite (r].P) e three times using the binary 
instance, yielding (r].(P\r].P)) 3 ; then use the ternary instance to rewrite the latter pro- 
cess into 77. ( (P\r].P) I r].(P\r].P) | r/.(P|r/.P)) ; finally, use the binary instance twice to get 
rj.(P J (77.P) 5 ). On the other hand, instances of the distribution law where the prefixed term 
occurs a prime number of times on the right hand side cannot be derived using other in- 
stances. We formalise this argument to show that there exists no finite axiomatisation of 
~ on //CCS in Sect. [3l 

We are also interested in this paper in the 7r-calculus, and, more precisely, in congruence 
properties of strong bisimilarity in this formalism. Because of the presence of the input 
prefix, and of the related phenomenon of name-passing, bisimilarity is more complex in the 
7r-calculus than in CCS. In particular, both early and late bisimilarity [15], that differ in 
their treatment of name substitution, fail to be congruences in the full 7r-calculus. 

There exist subcalculi of the 7r-calculus for which strong bisimilarity is a congruence 
(we discuss these in Sect. [6j). When this is the case, this equivalence coincides with ground 
bisimilarity (~ g ), which allows one to consider a single fresh name when analysing an 
input transition, instead of the usual quantification involving all free names of the process. 
Congruence of strong bisimilarity is hence an important property: not only is it necessary 
in order to reason in a compositional way, but it also helps making bisimulation proofs 
simpler, by reducing the number of cases to analyse. 

In the full 7r-calculus, in order to get congruence, one has to work with Sangiorgi's open 
bisimilarity [14] . which has a more involved definition than the early and late variants. Tools 
like the Mobility Workbench [16], for instance, have adopted this equivalence on processes. 

Technically, the key property which is necessary in order to derive congruence of ~ g in 
the 7r-calculus is substitution closure: we say that a relation 1Z between processes is closed 
under substitution if whenever P 1Z Q, then Pa 1Z Qa for any substitution a mapping 
names to names. In calculi like CCS or the 7r-calculus, where interaction arises from the 
synchronisation between an emitter and a receiver, substitution closure is a demanding 
property. Indeed, applying a substitution may have the effect of identifying two names, 
thus triggering new possibilities of interaction. 

Before addressing substitution closure for ~ g in the 7r-calculus, we analyse this property 
in the simpler setting of (subsets of) CCS in Sect. 01 We show in particular that strong 
bisimilarity is closed under substitution in /iCCS, but that it is not as soon as we add the 
choice operator, although being a congruence. 

At the heart of our proof of congruence in the 7r-calculus is a notion that we call 
mutual desynchronisation, and that corresponds to the existence of processes P,Pi2,P2i 
such that P — > — > Pyi and P — > — > P21, for two distinct actions r}\ and 7/2, and with Pyi 
behaviourally equivalent to P%\. (We do not specify the shape of actions, nor the behavioural 
equivalence we refer to, because we shall be reasoning about mutual desynchronisations both 
in /jCCS and in the 7r-calculus.) We additionally require in the two sequences of transitions 
from P to P12 and P21 respectively that the second prefix being fired should occur under 
the first prefix in P. 

We discuss the relationship between substitution closure and mutual desynchronisations 
in Sect. 14.11 and show that the latter do not arise in //CCS (which is a way to prove that 
~ is closed under substitution in this calculus). This is essentially due to the fact that our 
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axiomatisation of ~ on //CCS does not allow one to match the firing of two distinct prefixes 
that are concurrent using two prefixes that occur in sequence in a process. 

In relation with the latter observation, we then argue in Sect. B~2l that noninterleaving 
semantics, for which concurrency cannot be reduced to nondeterminism, are more likely 
to be substitution closed: we prove that this is the case for Castellani and Hennessy's 
distributed bisimilarity [5] in //CCS extended with choice. 

Coming back to the 7r-calculus, we exploit a transfer property that allows us to derive 
from the absence of mutual desynchronisations in //CCS the same result in ttq, the finite, 
sum-free -zr-calculus. This entails that ground, early, late and open bisimilarities coincide 
on ttq, and are congruences. It is known |15j that bisimilarity in the 7r-calculus fails to be a 
congruence as soon as we have prefix, parallel composition, restriction and replication. The 
problem of congruence of ~ g on ttq is mentioned as an open question in |X5|, Chapter 5] , and 
is known since at least 1998 [2]. To our knowledge, this is the first congruence result for a 
subcalculus of the 7r-calculus that includes the full output prefix (see Sect.[6]for a discussion 
on this). 

Paper outline. We introduce //CCS and the distribution law in Sect. CD Section[2]is devoted 
to the characterisation of ~ on //CCS using normal forms. In Sect. El we prove that no 
finite axiomatisation of ~ on //CCS exists. We discuss the substitution closure property, 
and establish it for distributed bisimilarity in an extension of //CCS, in Sect. HI Section [5] 
presents the proof of our congruence result in the 7r-calculus, and we give concluding remarks 
in Sect. [6l 

This paper is an extended version of [Sj. In particular, we provide more detailed proofs 
in Sect. [3j the material in Sect. 14.21 that discusses substitution closure and noninterleaving 
semantics, is new. 

1. MicroCCS Processes and Normal Forms 

We consider an infinite set M of names, and let a,b . . . range over names. We define 
on top of M the set of processes of //CCS, the finite, public (that is, without restriction), 
sum-free CCS calculus, as follows, where P,Q,R . . . range over processes: 

rj ::= a \ a , P ::= | r).P \ P \ Q . 

is the nil process, n ranges over interactions (also called visible actions), and we let rj 
stand for the coaction associated to rj (we let rj = rj). For k > 0, we write P k for the 
parallel composition of k copies of P, and we write n«e/ ^ ^ or ^ ne P ara Uel composition of 
all processes Pi for i S /. 

Structural congruence, written =, is defined as the smallest congruence satisfying the 
following laws: 

(Ci) P\Q = Q\P (C 2 ) P\(Q\R) = (P\Q)\R (C 3 ) P|0 = P 

We introduce a labelled transition system (LTS) for //CCS. Actions labelling transitions are 
either interactions, or a special silent action, written r. We use // to range over actions. It 
can be noted that the syntax of //CCS does not include a construction of the form r.P - 
see Remark 12.81 below. 
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Definition 1.1 (Operational semantics and behavioural equivalence). 
The LTS for //CCS is given by the following rules: 

pJUpi Q%Q> pJUp' PAp' 

n P ILy P — 

P\Q^P'\Q' p\qJ^p'\q q\ P !Uq\P' 

A bisimulation is a symmetrical relation 1Z between processes such that whenever P 1Z Q 
and P A P', there exists Q' such that Q A Q' and P'TZQ'. 
Bisimilarity, written ~, is the union of all bisimulations. 

Definition 1.2 (Size). Given P, #(P) (called the size of P) is defined by: 

#(0) ^ #(Pi | P 2 ) ^ #(P) + #(P 2 ) #(r?.P) ^ 1 + #(P) . 

Lemma 1.3. P = Q implies P ^ Q which in turn implies #(P) = #(Q)- 

Proof. The first implication follows by showing that the laws of = are sound for ~, and 
that ~ is preserved by parallel composition and prefix. 

Assume then by contradiction that there exist P, Q such that P ~ Q and #(P) < #(Q); 
and choose such P with minimal size. Q has at least one prefix: Q — > Q' and we get PAP' 
with P ~ Q'. We deduce that #(P') < #(P) and #(P) < #(Q')> which contradicts the 
minimality hypothesis. □ 

Definition 1.4 (Distribution law). The distribution law is given by the following equation, 
where the same number of copies of P appears on both sides: 

rj.(P | rj. P | ... | rj.P) = rj.P\rj.P\ ... \n.P . 

We shall use this equality, oriented from left to right, to rewrite processes. We write 
P ~» P' when there exist P\,P2 such that P = P\, Pj = P' and P2 is obtained from P\ 
by replacing a sub-term of the form of the left-hand side process with the right-hand side 
process. 

Remark 1.5 (On the distribution law and PA). Among the studies about properties of 
~ in process algebras that include parallel composition (see Q] for a recent survey on 
axiomatisations) , some works focus on calculi where parallel composition is treated as a 
primitive operator (as opposed to being expressible using sum or other constructs like 
the left merge operator). As mentioned above, particularly relevant to this work is |10j . 
where Hirshfeld and Jerrum "develop a structure theory for PA that completely classifies the 
situations in which a sequential composition of two processes can be bisimilar to a parallel 
composition" . [10] establishes decidability of ~ for normed PA processes: in that setting, the 
formal analogue of the distribution law (Def. II. 4p holds with r\ and P being two processes 
- the 'dot' operator is a general form of sequential composition. This equality is valid 
in [10] whenever n is a 'monomorphic process', meaning that n can only reduce to (which 
corresponds to /iCCS), or to n itself. [7] presents a finite axiomatisation of PA that exploits 
the operators of sum and left merge. 

Lemma 1.6. The relation ~» is strongly normalising and confluent. 

Proof. If P ~» P' then the weight of P' (defined as sum of the depths of all prefixes occurring 
in P') is strictly smaller than the weight of P, whence the strong normalisation. We then 
remark that ~» is locally confluent, and conclude with Newman's Lemma. O 
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Thus, for any process P, ~~> defines a normal form unique up to = , that will be denoted 
by n(P). We let A, B, . . . range over normal forms. 

The following lemma states that ~» preserves bisimilarity: 

Lemma 1.7. If P ~* P' , then P ~ P 1 . For any P, P ~ n(P). 

Proof. The relation (~» u (" w ) _1 U =) is a bisimulation. □ 



2. Characterisation of Bisimilarity in MicroCCS 

Our characterisation of ~ on /jCCS makes use of the notion of decomposition into prime 
processes, defined as follows: 

Definition 2.1. A process P is prime if P ^ and P ~ P\ \ P2 implies Pi ~ or P2 ~ 0. 

When P ~ P\ I . . . I P n where the PjS are prime, we shall call P\\ ... \P n a prime 
decomposition of P. 

Proposition 2.2 (Unique decomposition). Any process admits a prime decomposition 
which is unique up to bisimilarity: if Pi | ... \P n and Q\ \ ... | Q m are two prime decompo- 
sitions of the same process, then n = m and there exists a permutation f of [l..n] such that 
Pi ~ Qf(i) for all i G 

Proof. Similar to the proof of [13, Theorem 4.3.1]: the case of /jCCS is not explicitly treated 
in that work, but the proof can be adapted rather easily. □ 

An immediate consequence of the above result is the following property: 

Corollary 2.3 (Cancellation). For all P,Q,R, P\R~Q\R implies P ~ Q. 

Note that this is not true in presence of replication: a \ la ~ | la, but a / 0. 

The characterisation of ~ using the distribution law follows from the observation that 
if a normal form is a prefixed process, then it is prime. This idea is used in the proof of 
Lemma [2. 51 We first establish a technical result, that essentially exploits the same argument 
as the proof of Theorem 4.2 in |10j . 

Lemma 2.4. If rj.P ~ Q | Q' , with Q,Q' 9^ 0, then there exist A and k > 1 such that 
n.P ~ (i].A) k and rj.A is a normal form. 

Proof. By Lemma 11.71 we have 77. P ~ n(Q\Q'). Furthermore, we have that n(Q\Q') = 
Yli<k Vi-Ai, where k > 1 and the processes r\i.Ai are in normal form. 

Since the 77 prefix must be triggered to answer any challenge from the right hand side, 
we have rji = rj and P ~ A{ \ W^^-Ai for all i < k. In particular, when i ^ j, we 
have P ~ Ai | n.Aj \ Yli^ij} rj.At ~ n.Ai j Aj j Oz0{i,i} and hence, by Corollary E3J 
Ai \ r\.Aj ~ r\.Ai \Aj. By reasoning on the sizes of the parallel components in the prime 
decompositions of these two terms, we conclude that n.Ai ~ V-Aj for all i,j < k. 

Hence, we have rj.P ~ (n.Ai) k with k > 1 and r].A\ is a normal form. □ 
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Lemma 2.5. Let A, B be two normal forms, A ~ B implies A = B. 
Proof. We show by induction on n that for all A with i^(A) = n, we have 

(i) if A is a prefixed process, then A is prime; 

(ii) for any B, A ~ B implies A = B. 

The case n = is immediate. Assume that the property holds for all i < n, with n > 1. 

(i) We write A = ij.A', and assume by contradiction A ^ p 1 \p 2 with P\,P2 ^ 0. By 
Lemma |2.4| we have A ~ (n.B) k with k > 1 and ??.-B in normal form. By triggering 
the prefix on the left hand side, we have A' ~ B \ (rj.B) k ^ 1 . It follows by induction 
that A' = B | (rj.B)^ 1 (using property (ii)), and hence A = r].(B \ (rj.B) k ~ 1 , which is 
in contradiction with the fact that A is in normal form. 

(ii) Assume now A ~ B. 

— If A is a prefixed process, B is prime by the previous point (#(-B) = ^(A) by 
Lemma ll.3p . Necessarily, A = r].A' and -B = n.B' with A' ~ B'. By induction, this 
entails A' = B' , and A = B. 

— Otherwise, A = r)\.A\ \ . . . \ rj^.A^ with k > 1, and we know by induction (property 
(i)) that Tft.^i is prime for all i < k. Similarly, we have B = rj^.Bi | . . . | rj^.Bi with 

prime for all i < I. 

By Proposition 12.21 k = m and f]%-Ai ~ ^--Bj (up to a permutation of the indices), 
which gives r/^ = r/j and ~ i?j for all i < k. By induction, we deduce Ai = Bi for 
all i, which finally implies A = B. □ 

Lemmas 11.71 and 12.51 allow us to deduce the following result. 

Theorem 2.6. Let P, Q be two fiCCS processes. Then P ~ Q iff n(P) ee n(Q). 

Remark 2.7 (Unique decomposition of processes). Our proof relies on unique decompo- 
sition of processes (Prop. [272]) . that first appeared in [12] • Unique decomposition has been 
established for a variety of process algebras, and used as a way to prove decidability of be- 
havioural equivalence and to give complexity bounds for the associated decision procedure 
( [HI [3] cite relevant references) . 

In the present study, beyond the existence of a unique decomposition, we are interested 
in a syntactic characterisation of ~ (which will in particular allow us to derive Lemma 14.41 
below). In this sense, our work is close to [6j, where the notion of maximally parallel process 
in CCS (with choice) is studied. [6] defines a rewriting process through which maximally 
parallel normal forms can be computed, and shows that in the case of ^uCCS, such normal 
forms are unique. However, no syntactical characterisation of the set of normal forms is 
presented, and such a characterisation cannot be directly deduced from the (rather involved) 
definition of the rewriting process for full CCS. 

We instead restrict ourselves to /iCCS from the start, and rely explicitly on the distri- 
bution law in order to 'extract' prime components of processes. 

Remark 2.8 (r prefix and weak bisimilarity). We do not address weak bisimilarity in the 
present work. In /iCCS, strong and weak bisimilarity coincide, i.e., the internal transitions of 
processes are completely determined by the visible actions (interactions) . This is essentially 
due to the absence of restriction in the calculus. When including r prefixes in the syntax, 
it can be proved that adding the law t.P = P is enough to characterise weak bisimilarity. 
The r prefix is usually absent in the 7r-calculus, to which we shall move in Sect. El Since 
some results on CCS will be transferred to the 7r-calculus, we did not include this construct 
in ^CCS. 
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3. Nonexistence of a Finite Axiomatisation 

We let M, N range over //CCS terms with variables (this corresponds to the grammar 
M ::= | r/.M | M\M | X, and we use X, Y . . . to range over term variables). A ground 
term is a term with no occurrence of variables. Instantiations are mappings from variables 
to terms, and their domain are naturally extended to terms. We use p to range over 
instantiations. Applying p to M yields a term written Mp. p is a ground instantiation if 
for all terms M, Mp is a ground term. Any two terms M, N define an equation, written 
M = N. 

Definition 3.1 (Axiomatic equality). Given a set £ of equations, we shall write £ h M = N 
whenever M = N can be derived in equational logic using equations from 8. 

We let T> stand for the set of equations consisting of the three axioms of structural 
congruence (Ci,C2,Cs), and all the distribution axioms ((A)i>l) : 

(A): V-(P I fr-P)') = (V-P) i+ \ »>1 • 
T>k stands for the finite restriction of T> where only the first k distribution axioms are 
included ((A)l<i<fc)> 

Equations of T> are obviously sound for ~. Ground completeness is given by the fol- 
lowing proposition, which holds by Theorem 12.61 

Proposition 3.2 (Completeness). For any processes P,Q, 

P~Q iff VhP = Q . 

We now analyse the distribution law using a rather classical approach pQ. We show 
that T> is w-complete, that is, complete w.r.t. the extensional equality derived from strong 
bisimilarity. Since, by Lemma 13.81 below. T> is intrinsically infinite, we derive impossibility 
of a finite axiomatisation of ~ on //CCS, by using compactness arguments. 

Definition 3.3 (Extensional equality). Two terms M and iV are extensionally equal, writ- 
ten M ~ w N, whenever for any ground instantiation p, it holds that Mp ~ Np. An equation 
M = N is said to be correct if M ^ w N . 

Our proof of w-completeness essentially relies on the methodology developped in [8]; 
the idea is to replace variables by small terms that can easily be distinguished. 

Lemma 3.4. Let M be a term whose variables all belong to {A^}j g /, and let {aj}j e / be a 
collection of distinct names that do not occur in M . 

n(M{a i .0/X i }) = n(M){a 4 .0/A^} 

Proof. We proceed by well founded induction over the termination of 

• If M is in normal form, we just have to check that M{aj.0/Aj} is in normal form. This 
is true because the ai are distinct and do not appear in M. 

• Otherwise, if M ^ N, we check that M{ai.0/Xi} ~* N{ai.0/Xi} so that: 

n(M{ai.0/Xi}) = n(N{ ai .0/Xi}) (by confluence) 
= n(N){ai.0/Xi} (by induction) 

= n(M){ai.0/Xi} (by confluence) 

□ 



8 



DANIEL HIRSCHKOFF AND DAMIEN POUS 



Lemma 3.5. Let M,N be two terms whose variables all belong to {Xi}i^j, and let {oj}jg/ 
be a collection of distinct names that do not occur in M nor in N. 

• IfD\-M = N then T> h Mp = N p for any instantiation p; 

• ifM{ai.0/Xi} ~ N{a i .0/X l } then V h M = N. 

Proof. The first point is standard, and proved by induction over the derivation tree. 

For the second property, we know by Theorem l2.6l that n(M{aj.0/Xj}) = n(N{a,i.0/Xi}). 
By Lemma E31 we can deduce n(M{a;.0/X;}) = n(M){ai.0/Xi}, and n(N{ai.0/Xi}) = 
n(N){ ai .0/Xi}. Hence we have n(M) = n(N), and V h M = N holds. □ 

Theorem 3.6 (cj-completeness). For any terms M,N, 

M ~u,N iff Vh M = N . 

Proof. Using Lemma |3.5| ^-completeness boils down to the completeness of T> for ground 
terms (Prop. [3T2]) . □ 

Notice that the proof of Theorem 13.61 relies on the existence of an infinite number of 
names. The following result is standard. 

Lemma 3.7 (Compactness). For any terms M,N, 

Vh M = N iff Vk \~ M = N for some k . 

Proof. Equational proofs are finite objects. □ 

Lemma 3.8. Let a be a name, for any number k, there exists n such that: 

V k \f a.a n = a n+1 . 

Remember that a n stands for the n-ary parallel composition of a.O, so that this equality 
is an instance of axiom (D n ). 

Proof. Let n be a number strictly greater than k such that n + 1 is prime, and let 9(P, Q) 
denote the predicate: "P ~ Q ~ a n+1 , P = a.P', and Q = Qi\Q 2 with Q 1 , Q 2 ^ 0". 

Assume T>k l~ o,.a n = a n+1 , and consider the shortest proof of T>k \~ P = Q for some 
processes P, Q such that either 9{P, Q) or 8(Q, P). Since 8(a.a n , a n+l ) holds, such a minimal 
proof does exist. We reason about the last rule used in the derivation of this proof in 
equational logic. For syntactic reasons, this cannot be reflexivity, a contextual rule, nor 
one of the structural congruence axioms. It can be neither symmetry nor transitivity, since 
otherwise this would give a shorter proof satisfying 9. The only possibility is thus the use 
of one of the distribution axioms, say D{ with 1 < i < k and a n+l ~ Q = (a.Q') l+1 . By 
Lemma ll.3l since ^(a ra+1 ) = n + 1, i + 1 has to divide n + 1. This is contradictory, because 
we have 2<i + l<fe + l<n + l, and n + 1 is prime. □ 

We can finally prove the nonexistence of a finite axiomatisation of ~ on fiCCS. The 
proof corresponds to a standard application of the Compactness Theorem [I]. 

Theorem 3.9 (No finite axiomatisation of ~). For any finite set of correct equations £, 
there exist processes P and Q such that P ~ Q but £ \f P = Q. 

Proof. By correctness, for any equation M = N in £, M ^ N. Hence, by (^-completeness 
we can prove any equation of £ using T>. By Lemma 13.71 and since £ is finite, there 
exists k such that 2?fc h £. By Lemma 13.81 there exists n such that a.a n ~ a n+1 and 
V k \f a.a n = a n+1 ; and thus, £ \f a.a n = a n+1 . □ 
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4. On Substitution Closure of Bisimilarity 



We now discuss the property of substitution closure of behavioural equivalences in 
(subcalculi of) CCS. In the 7r-calculus, because of the input prefix, substitution closure is 
in general a necessary condition for bisimilarity to be a congruence. The notion of mutual 
desynchronisation, which we define in Sect. 14.14 allows us to show that ~ is closed under 
substitution in //CCS. This notion will be used to establish substitution closure (and then 
congruence) of ~ g in no in Sect.[5j We analyse substitution closure in an extension of //CCS, 
both for strong bisimilarity and distributed bisimilarity, in Sect. 14.21 (the latter section is 
not technically necessary to establish the result on no, and can therefore be skipped). 

4.1. Mutual Desynchronisations. In //CCS, ~ is closed under substitution. One way 
to prove that is to rely on the axiomatisation from Sect. [2 two processes related by an 
instance of the distribution law remain equivalent when a substitution mapping names to 
names is applied (we can show in particular that for any substitution a, n(Pcr) = n(r\(P)a)). 

Here, we derive this result using an alternative general pattern, that corresponds to 
the proof of substitution closure of ~ g in Sect. [H To understand how the notion of mutual 
desynchronisation arises, we sketch the proof of substitution closure of ~. Suppose for that 
P ~ Q, and consider a substitution a. To prove Pa ~ Qa, we reason by coinduction, and 
consider a transition Pa — > Po- The difficult case arises when // = r, and the synchro- 
nisation follows from P —> Pi, P — > P2, with a (a) = a(b). We observe that because we 
work in //CCS, the transitions of P to P\ and P2 are necessarily offered by distinct parallel 
components of P. P can therefore do a transition along a followed by a transition along b 
to some P', to which Q can answer since P ~ Q. If Q answers by firing two prefixes that 
belong to different parallel components ('concurrent prefixes'), we are done: we can infer 
a r transition for Qa, and conclude using coinduction. If this is not the case (i.e., if the b 
prefix fired by Q was guarded by the a prefix), we consider the sequence where P performs 
the two transitions in the reversed order, first b then a, and reason similarly. Therefore, the 
only case where we cannot conclude occurs when Q matches both sequences of transitions 
using causally dependent prefixes. This situation is depicted below; we will show that it 
cannot arise in //CCS. 



P 



Q 





Pi 




P' 



Qi 



Q2 



More precisely, we show that the situation on the right of this picture, where we notice 
that Qi ~ Q2 (both processes are bisimilar to P') cannot arise; we call such a - hypothetical 
- situation a mutual desynchronisation: 
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Definition 4.1 (Mutual desynchronisation in /xCCS). We say that there exists a mutual 
desynchronisation in fiCCS whenever there are two prefixes 771, 772, and five /aCCS processes 
S, S', T, V, R such that m ± S ^ S', T ^ T' and rj 2 .S \ T' \ R~ S' \ rji.T \ R. 

We recover the situation which is depicted above by taking Q = r] 2 .S \ rji.T \ R, 771 = a, 
and r]2 = b. Such a notion is not specific to //CCS: the proofs of Lemmas 15.61 and 15,71 will 
expose analogous situations in ttq. 

Definition 4.2. We define, for any /jCCS process P and prefix 77, the contribution of P at 
77, written s rj (P), by 

»„(0) = s v ( V '.P) = if 77/77' 

S V (Pl I P2) = S^Px) + S V (P 2 ) S V ( V .P) = #(7].P) 

Intuitively, s v (P) is the total size of the parallel components of P that start with the 
prefix 77. 

Lemma 4.3. P ~ Q implies s J7 (-P) = s v (Q) for all 77. 

Proof. Follows from Theorem 12.61 and the observation that the distribution law preserves 
the contribution of a process at a given interaction prefix. □ 

Lemma 4.4 (No mutual desynchronisation). There exists no mutual desynchronisation in 
fiCCS. 

Proof. Assume by contradiction that there are processes such that P -A. P' , Q Q' and 

77 2 .P|Q / |^~^'l^i-<3l^- 

By the cancellation property (Corollary I2.3[) . we have r]2-P\Q' ~ P' I771.Q, hence for 
all 77, s^(t7 2 .P I Q') = s v (P' 1 77 X . Q) (Lemma WM- 

Since s Vl ( V2 .P I Q') = s Vl (Q') < #(Q') and s m (P> | m .Q)) > s Vl ( m .Q) = #(Q') + 2, by 
taking 77 = 771 we finally get #(Q') > #(Q') + 2. □ 

Lemma 14.41 will be used to show that a situation corresponding to a mutual desynchro- 
nisation cannot arise in ttq. Notice that the proof depends in an essential way on Lemma f4.3( 
which in turn relies on the axiomatisation of ~ in /jCCS (Theorem 12. 6ft . 

As a consequence of this result, we can deduce the following 

Corollary 4.5 (Substitution closure of ~ in /jCCS). In fiCCS, P ~ Q entails Pa ~ Qa, 
for all substitution a. 

We now introduce an extension of /jCCS, called /iCCS + , which is the calculus obtained 
by adding a sum operator over prefixed processes. The grammar of /jCCS + is thus the 
following: 

S ::= I n.P I Si + S 2 , P ::= S \ Pi|P 2 • 

If / = [l..k], we write Si for Si + ■ ■ ■ + Sk- Like before, we use notation Y\ { Si for 

parallel compositions; when using this notation, we shall moreover implicitly assume that 
for all is/, Si'/'^O (this is in particular the case in the statement of Lem. 14. lip . We shall 
overload notations, and use ~ to denote strong bisimilarity in /jCCS + . 

In //CCS + , ~ is a congruence, but it is not closed under substitution. We have indeed 

a\b ~ a.b + b.a . (4.1) 
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However, by applying the substitution that maps names a and b to p, we obtain processes 
p\p and p.p + p.p respectively, which are not bisimilar: the former can do a t transition 
that cannot be matched by the latter. Actually, a. b + b.a gives a simple example of a 
mutual desynchronisation in /zCCS + . This standard counterexample to substitution closure 
essentially explains why early and late bisimilarities are not congruences in the (full) n- 
calculus. 

Remark 4.6 (Restriction and replication instead of choice). As shown in [15j . a related 
counterexample can be constructed if, instead of adding the sum operator, we add restriction 
and replication to /xCCS: the equivalence 

la.b.r.q | Ib.a.r.q ~ K uc ) ( a -^ | b.c.q) 

fails to hold if we replace a and b with p, because one process is liable to do two synchro- 
nisations and interact on q, while the other one needs at least three synchronisations to do 
so (the construction r.P can be encoded as {vd) (d.P\d), for some fresh channel name d). 

4.2. Noninterleaving Semantics. We shall work in fiCCS + in the remainder of this 
section. It can be remarked that equality (|4.ip - which is an instance of the expansion law 
- is typical of interleaving semantics, in which the parallel composition of two processes is 
equivalent to a single process, that expresses using nondeterminism all possible interleavings 
of the two concurrent activities. As we have seen, equivalences that validate (|4,ip . as is the 
case for strong bisimilarity in fj,CCS + , are usually not substitution closed. 

On the contrary, we can expect locality-aware semantics, that are sensitive to the 
parallel structure of processes (and hence more discriminating than ~), to be closed under 
substitution. There are several approaches to define such equivalences. We focus here on a 
version of (strong) distributed bisimilarity [5j[I], because it is among the simplest, and this 
will suffice for our purposes. The definition of distributed bisimilarity relies on distributed 
transitions, which are given by judgements of the form P A-^ (Pi,P 2 ). The intended 
meaning is that when P performs the transition along \x, it is decomposed into two parts. 
At the site where the transition has happened, the local process evolves into Pi (the local 
residual). The remainder of the process, which has not taken part in the transition, evolves 
into P2 (the concurrent residual). For example, we have P\ \ r\.Q \ P2 -^a {Q, P1JP2) . 

The inference rules for distributed transitions in fiCCS + are the following (symmetrical 
versions of the rules for sum and parallel composition are omitted): 

S^ d (P,P 2 ) P^d (Pl,P2) 

n.P ^ d (P,0) S + S'^ d (P 1 ,P 2 ) P\P' \ (Pi,P 2 \P') 

p^ d (P 1 ,p 2 ) Q^diQiM 
P\Q (Pi\Qi,P2\Q 2 ) 

Definition 4.7 (Distributed bisimilarity). A symmetric relation 7Z between processes is a 
distributed bisimulation iff whenever P 1Z Q, if P (Pi, P 2 ), then there exist Q\, Q 2 such 
that Q A d (Qi, Q 2 ), Pi K Qi and P 2 1ZQ 2 . 

Distributed bisimilarity, written ~d, is the greatest distributed bisimulation. 

Lemma 4.8. If P \ {P\,P 2 ), then P = (r/.Pi + S x ) \ P 2 for some Si. 
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Lemma 4.9. ~d is a congruence on fxCCS^ . 

Proposition 4.10. ~d is substitution closed in fiCCS^ . 

Prop. l4TT0l is established by following the reasoning we have sketched before Def. 14.11 but 
things are considerably more easy due to distributed transitions, that insure that concurrent 
prefixes can be fired. 

Actually, ~d coincides with structural congruence in /xCCS + (in ^CCS + , in addition 
to the equalities that are valid in /xCCS, = satisfies the laws of an abelian monoid for +, 
as well as the idempotence law S + S = S). To show this, we first establish the following 
separation property, enjoyed by ~d in fiCCS + : 

Lemma 4.11 (Separation Property). If P = Y\ ieI Si, Q = Y\j e jSp and P ~d Q, then 
there exists a bisection f from I to J such that Mi G I. Si ~a Sf/{\ ■ 

Proof. We first observe a general property of distributed transitions: for any Zq G /, when- 
ever Si Q A Pq, by Def. 14.71 we have Sj Q A Q$ for some jo,Qo, with Pq r^ d Q and 
Yliei i^i &i ~d YljeJj^jo S'ji where the latter equivalence involves processes that have ex- 
actly one parallel component less than P and Q respectively. The symmetrical property 
also holds for challenges coming from Q. 

Let us now prove that / and J have the same cardinal. We assume without loss of 
generality that I has strictly more elements than J. We derive a contradiction by repeatedly 
using the remark above to fire challenges in the parallel components of P, until there are 
no components left in Q. I and J thus have the same cardinal. 

In light of this result, we can assume w.l.o.g. that / is the set of indices in P's and Q's 
decompositions, and moreover that G I. We thus show: 

If P = Si, Q = S'j, and P ~d Q, then there exists a bijection / 
from I to J such that Vi € /. Si ~d 

To prove this, we reason by induction on the number of parallel components of P. The 
cases where this number is or I are immediate. Assume then that I has at least two 
elements. We distinguish two cases: 

First case: all components are equivalent to each other on each side, that is, Vi G /. Si ~d So, 
and Vj G J. S'j ~d S' . It remains to show that one of the 5jS is equivalent to one of Sjs: 
for this, we use the remark above about distributed transitions to fire all components of P 
but one, which gives us that the remaining component is bisimilar to a component of Q. 
Second case: if we define C = {i. Si ~d So}, we have ^ C ^ I (since otherwise, we 
would be in the first case). Define C = I \C, and perform a sequence of ~d- cna Uenges 
on the side of P in order to fire all components corresponding to C: we are left with 

Uiec S i ~d UieD S i for some D £ L 

Since C ^ /, we can apply induction to derive that the 5«s are one to one equivalent 

to the S'jS, which yields that all processes in {Si,i G C} U {SL j G D} belong to the same 
equivalence class for ~d (and are hence all equivalent to So). 

Similarly, by firing all components in C, we obtain IligC' ~d FlieD' f° r D' ^ /• 
Again, as C I, we have by induction that every element in {Si,i G C'} is in one to one 
correspondence with an element of {S'j, j G D'}. This implies, by definition of C , that none 
of the S'jS for j G D' is equivalent to Sq. Hence, we have that D n D' = 0, and DU D 1 = I 
by a cardinality argument; the announced property follows. □ 
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Lemma 14.111 formalises the fact that in absence of restriction, distributed bisimilarity 
is discriminating enough to analyse the maximum degree of parallelism in processes (in 
particular, the expansion law is not valid for location sensitive equivalences). 

Proposition 4.12. In (iCCS^ , P ~d Q if and only if P = Q. 

Proof. We first remark that = C ~ d on /iCCS + . To show the converse, we assume P ~d Q, 
and reason by induction on the size of P, defined as the number of prefixes in P. The cases 
where P is of size or 1 are immediate. Assume then that the size of P is strictly greater 
than 1. 

First, if P has at least two parallel components that are different from 0, we can apply 
the separation property (Lemma 14. 1 ip . together with the induction hypothesis, to deduce 
the expected result. 

Assume now P = Y2iel Vi-Pi- By Lemma |4.11| Q has only one parallel component, i.e., 
Q = Yljej Vi-Qi- Using the idempotence law (S + S = S), we moreover assume w.l.o.g. 
that for all «i,«2, ^% X -Pi x = Viz-Piz implies i\ = i%, and similarly for the summands of Q. 

Since P ~d Q, we observe two properties. First, \/i G I. 3j G J.rji = rfj A Pj ~d Qf this 
follows by firing a challenge on rji on P's side. Symmetrically, Vj G J. 3i G Irji = rjj A Pj ~d 
Qj. In each case, the induction hypothesis actually gives Pj = Qj. 

Now, for any i\ E /, the first property associates some j G J to i, which in turn 
is associated to 12 G / by the second property. In this case, we have r\i x = rjj = r/i 2 and 
P%i = Qj = Pin which insures i\ = 12 by the hypothesis we have made. A similar argument, 
starting from Q's side, shows that these two properties entail that the summands in P are 
in one to one correspondence with the summands of Q, whence, finally, P = Q. d 

In view of this result, ~d is arguably not very interesting in ^CCS + . The main point 
here is to show a situation where ~ is not substitution closed, while ~a is. It can be proved 
(but this requires more work) that the same holds if we move to a richer calculus, where 
parallel compositions are allowed in summands. In such a calculus, ~d satisfies nontrivial 
absorption laws, such as a. b \ a.c ~d (o>-b \ a.c) + r.(b\c), which is obviously not valid for = 
(we suppose here the existence of a r prefix; more general absorption laws can be defined - 
see [1]). 

One way to establish that ~d is closed under substitution in the richer calculus is to ex- 
ploit the results of {4j Sect. 4.5], which studies axiomatisations of ~d- These axiomatisations 
use a new operator, noted f, that satisfies the following laws: 

{P + Q)\R = P\R + Q\R {P\Q)\R = P\ (Q\R) 

PfO = P OfP = 

{ is a kind of asymmetric parallel composition, that intuitively gives precedence to the tran- 
sitions of its left hand side operand. Moreover, as shown in [4], if we allow communications 
across \ , then the following expansion theorem 

UP = J2 Vi-P t Pi and Q = Vj-Qj \ Qj, then 
iei jeJ 

P\Q = Y dm .P i \{Pi\Q)+Y d ff j .Q j \(P\Q' j )+ T -( p i\Qi) t (Pi\Qj) 
iei jeJ J7j=77< 
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together with the laws of \ and of +, provides a complete axiomatisation of ~d- 

This expansion theorem closely resembles its standard counterpart in interleaving se- 
mantics, where concurrency is expressed using the sum operator. However, since com- 
munications are allowed between the operands of f, the above equality is robust w.r.t. 
substitution. Indeed, if a new interaction is triggered on the left hand side of the equality 
by applying a substitution, say between r/i.Pi and rfj-Qj, then this synchronisation is also 
possible on the right hand side (in the first summand). We do not enter any further into 
the details of this proof. 

5. A New Congruence Result for the 7t-calculus 

5.1. The Finite, Sum-free 7r-calculus. Processes of ttq are built from an infinite set 
Af w of names (we let a,b . . . ,m,n . . . ,p,q . . . ,x,y . . . range over names) , according to the 
following grammar: 

4> ::= m(x) \ mn , P ::= | 4>.P \ Pi\P 2 \ {up)P . 

The input prefix m{x) binds name x in the continuation process, and so does name restric- 
tion (un) in the restricted process. A name that is not bound is said to be free, and we 
let fn(P) stand for the free names of P. We assume that any process that we manipulate 
satisfies a Barendregt convention: every bound name is distinct from the other bound and 
free names of the process. We shall use a, b, c to range over free names of processes, p, q, r 
(resp. x,y) to range over names bound by restriction (resp. by input), and m, n to range 
over any name, free or bound (note that these naming conventions are used in the above 
grammar). Structural congruence on ttq, written =, is the smallest congruence that is an 
equivalence relation, contains a-equivalence, and satisfies the following laws: 

P\0 = P P\(Q\R) = (P\Q)\R P\Q = Q\P (vp)0 = 

{vp){vq)P = {vq){vp)P P \ {vp)Q = {up){P \Q) if p £ fn(P) 

We let P[n/x] stand for the capture avoiding substitution of name x with name n in P. We 
use a to range over substitutions in ttq (that simultaneously replace several names). 

Definition 5.1 (Late operational semantics and ground bisimilarity) . The late operational 
semantics of ttq is given by a transition relation whose set of labels is defined by: 

H ::= a(x) | ab | a(p) | r . 

Names x and p are said to be bound in actions a{x) and a{p) respectively, and other names 
are free. We use hn(fi) (resp. fn(/u)) to denote the set of bound (resp. free) names of action 
/i. 
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The late transition relation, written is given by the following rules (symmetrical 
versions of the rules involving parallel composition are omitted): 



</>.p\p P\Q ^ P'[b/x\ | Q' 

(ub)P ^ P' P\Q^ (up)(P'\p/x) I Q') 

P A p' P ^ P' 

— — / bn(/x) n fn(Q)=0 — 7 r JL ——, v £ 

A ground bisimulation is a symmetric relation 7?. between processes such that whenever 
P 11 Q and P \ P', there exists Q' s.t. Q ^ n Q' and P' K Q'. 

Ground bisimilarity, written ~ g , is the union of all ground bisimulations. 

Note that we do not respect the convention on names in the rule to infer a bound 
output, precisely because we are transforming a free name (b) into a bound name. 

Lemma 5.2. Assume that Pa P'. 

(1) If /U is ab, a(p) or a(x), then P — > w P with p'a = p and P" a = P . 

(2) If li = r then one of the three following properties hold, where the input and output 
actions are offered concurrently by P in the last two cases. 

(a) P ^ P" and P" a = P' , 

(b) P ^^ir P" where a{a) = a{b) and P"[c/x]a ~ P' , 

(c) P p" where a(a) = a{b) and {{vp)P"\p/x\)a ~ P' . 

Proof. Similar to the proof of Lemma 1.4.13 in [15], where the early transition semantics is 
treated. □ 



5.2. Mutual Desynchronisations in ttq. In what follows, we fix two distinct names a 
and 6, that will occur free in the processes we shall consider. The definitions and results 
below will depend on a and 6, but we avoid making this dependency explicit, in order to 
ease readability. Names a and b will be fixed in the proof of Theorem 15.81 



Definition 5.3 (Erasing a ttq process). Given a ttq process P, we define the erasing of P, 
written £{P), as follows: 

£(P 1 \P 2 ) = £(P 1 )\£(P 2 ) £{{yp)P) d = £{P) £(0) d =0 

£{a{x).P) d = a.£(P) £(m(x).P) d = if m / a 

£{bn.P) d = b.£(P) £{mn.P) d = if m ± b 
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Note that a and b play different roles in the definition of £(■)■ 

It is immediate from the definition that S(P) is a /iCCS process whose only prefixes 
are a and b. Intuitively, £(P) only exhibits the interactions of P at a (in input) and b (in 
output) that are not guarded by interactions on other names. 

Lemma 5.4 (Transitions of £{P)). Consider a ttq process P. We have: 

• IfP^v P', then £{P) ^ S(P'). 

• IfP^ P' or P P', then £{P) X £(P'). 

• Conversely, if£(P) —> Pq, then there exist x and P' such that Po = £{P') and P - \ w P' . 
Similarly, if £{P) Pq, there exist c,p,P' such that Pq = B(P') and either P P' or 
P ^ P>. 

Proof. Simple reasoning on the LTSs of ^CCS and ttq. □ 

Proposition 5.5 (Transfer). If P ~ g Q in ttq, then £{P) ~ £(Q) in fiCCS. 

Proof. We reason by induction on the size of P (defined as the number of prefixes in P). 
Consider a transition of £(P)', as observed above, it can only be a transition along a or a 
transition along b. 

Assume £{P) ^ P . By Lemma El P ^^■n P' and P = £(P'). Since P ~ g Q, 

Q - ~ s Q' for some Q' such that P' ~ g Q'. By induction, the latter relation gives 

£{P') ~ B{ff), and Q ^ n Q' gives by Lemma El £(Q) A £(Q>). 

The case £{P) — > Pq is treated similarly: by Lemma El there are two cases, according 
to whether P does a free output or a bound output. Reasoning like above allows us to 
conclude in both cases. □ 

We can now present our central technical result about ttq, which comes in two lemmas. 

Lemma 5.6. If Q ~ g (up){a{x).Pi \ bc.P2 \ P3), then there exist some Q\, Q2, Q3, q, such 
that Q = (vq){a(x).Qi \ be. Q2 \ Q3) and 

(up)(P l \P 2 \P 3 ) ~ g (uq)(Q 1 \Q 2 \Q3). 

Proof. Let P = {vp){a{x).P x \bc.P 2 \ P 3 ) and P' = (vp)(Pi \ P 2 \ P 3 )- 
Note that by our conventions on notations, c ^ p. 

Since Q ~ g P and P can perform two transitions along a{x) and be respectively, Q can 
also perform these transitions, which gives 

Q = (vq){a(x).Qi \bc.Q 2 \Q 3 ) for some q,Qi,Q 2 ,Q3, 
the first (resp. second) component exhibiting the prefix that is triggered to answer the 
challenge on a(x) (resp. 6c). 

Consider now the challenge P ■^■ 7T - P f , to which Q answers by performing the 

transition Q Q ba , with P' ~ g Q ba . If Q ba = (vq){Qi \ Q 2 \ Q3), that is, if Q 

triggers the prefixes on top of its first and second components, then we are done. Similarly, 
if Q triggers a prefix in Q3 to answer the second challenge, say Q3 = a(x).Qi \ Q5, we can 
set Q[ = a(x).Q4 and Q' 3 = Q\ \ Q5, and the lemma is proved. 
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The case that remains to be analysed is when Q 2 > n Q 2 and we have Qba = 

(vq)(a(x).Q 1 \Q' 2 \Q 3 )~ s (vp)(P 1 \P 2 \P 3 ). 

We then consider the challenge where P fires its two topmost prefixes a{x) and be in 

the other sequence, namely P - P' . By hypothesis, Q triggers the prefix of its first 

component for the first transition. To perform the second transition, Q can fire the prefix 
be either in its second or third component, in which case, as above, we are done, or, and this 
is the last possibility, the prefix be occurs in Q\. This means Q a b = {vq){Q'i \ bc.Q 2 \ Q3) ~ g 

(vp)(P 1 \P 2 \P 3 ), with Qi ^ Q[. 

To sum up, we have Q a b = (vq)(Q'i \bc.Q 2 \ Q 3 ) ~ g (vq)(a(x).Q\ \ Q' 2 \ Q 3 ) = Qb a , with 

Qi ^ n Q'i and Q 2 — -k^ Q 2 : this resembles the mutual desynchronisation of Definition 14 . 1 \ 
translated into the 7r-calculus. 

Indeed, we can construct a mutual desynchronisation in //CCS: Q a b ~ g Qb a implies 

£(Qab) ~ £{Qba) by Prop. [531 and Qi Q[ (resp. Q 2 - \ n Q 2 ) implies by Lemma l5~4l 

£{Ql) ^ £{Q'i) (resp. £{Q 2 ) A £{Q' 2 )). Finally, using Lemma 14.41 we obtain a contradic- 
tion, which concludes our proof. □ 

Lemma 5.7. If Q ~ g {up,p){a{x).P\ \ bp.P 2 \P 3 ), then there exist some Q\, Q 2 , Q3, such 
that Q = (vp,q)(a(x).Qi \bp.Qi \ Q3) and 

(up)(P 1 \P 2 \P 3 ) ~ g (i/g)(Qi|Q 2 |Q 3 ). 

Hint. The proof follows the same lines as for the previous lemma. The only difference 
is when analysing the transitions that lead to Q a b- to perform the second transition, Q 
can either extrude the name called p in the equality Q = (vp,q)(a(x).Qi \ bp.Q 2 \ Q3), or 
otherwise Q can be a-converted in order to extrude another name. In the case where Q 
chooses to extrude a different name, we can assume without loss of generality that the 
necessary a-conversion is a swapping between name p and a name q\ € q, which brings us 
back to the case where name p is the one being extruded. 

The presence of a bound output introduces some notational complications when express- 
ing Qab, but basically it does not affect the proof w.r.t. the proof of Lemma l5.6( because 
the function £ (•) is not sensitive to name permutations that do not involve a or b. □ 



5.3. Congruence. 

Theorem 5.8 (Closure of ~ g under substitution). If P ~ g Q then for any substitution a, 
Pa ~ g Qa. 

Proof. We prove that the relation TZ = {(Per, Qa) | P ~ g Q} is a ground bisimulation. We 
consider P, Q such that P ~ g Q and assume Pa Pq. We examine the transitions of P 
that make it possible for Pa to do a //-transition to Po- 

According to Lemma |5.2[ there are two possibilities. The first possibility corresponds 
to the situation where [i comes from an action that P can perform, i.e., P — ^ P for some 
//, with P'a = Pq and \j! a = fi (cases Q] and [2a] in Lemma |5.2|) . Since P ~ g Q, Q ■^->- 7r Q' 
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and P' ~ g Q' for some Q' . We can prove that Qa — > Q'a, and since P' ~ g Q' we have 
(PV, QV) € ft. 

The second possibility (which corresponds to the difficult case) is given by p, = t, 
where the synchronisation in P' has been made possible by the application of a. There are 
in turn two cases, corresponding to whether the synchronisation involves a free or a bound 

name. In the former case, P P' and P ^ n P" for some a, x, b, c, P' , P" . This entails 

P = (up)(a(x).P\ \bc.P 2 I P 3 ) for some p , P\ , P2 , P 3 , and, since P ~ g Q, we conclude by 
Lemma [5T61 that Q = (uq)(a(x).Qi \bc.Q 2 \ Q 3 ) and 

(up)(P 1 \P 2 \P 3 ) ~ g (uq)(Qi\Q 2 \Q 3 ) • 

By definition of ft, this equivalence implies that we can apply any substitution to these two 
processes to yield processes related by ft, and in particular [c/x]a, which gives: 

{(up)(P l \P 2 \P 3 ))[c/x]a K {{vq){Qi\Q2\Q3))[c/x]o . 

Using the Barendregt convention hypothesis, this amounts to 

P = ((up)(P 1 [c/x]\P 2 \P 3 ))a K ({vq){Q l [c/x)\Q 2 \Q 3 ))e = Q . 
We can then conclude by checking that Qa — ^ Qo- 

We reason similarly for the case where the synchronisation involves the transmission of 
a bound name, using Lemma 15.71 instead of Lemma 15.61 We remark that Lemma 15.71 gives 
(up) (Pi I P 2 I P3) ~ g (uq)(Qi I Q 2 I Q3), and in this case Pa ^ (up,p)(Pi\p/x\ \ P 2 \ P 3 )a 
(resp. Qa (up, q)(Q\ [p/x] \ Q 2 \ Q 3 )a). In order to be able to add the restriction on p 
to the terms given by Lemma l5.7( we rely on the fact that ~ g is preserved by restriction: 
P ~ g Q implies (up)P ~ g (up)Q for any P, Q,p. We can then reason as above to conclude. 

□ 

Corollary 5.9 (Congruence of bisimilarity in ttq). In ttq, ground, early and late bisimilarity 
coincide and are congruences. 

Proof. By a standard argument (see [15J): since ~ g is closed under substitution, ~ g is an 
open bisimulation. □ 

It is known (see [15] ) that adding either replication or sum to ttq yields a calculus where 
strong bisimilarity fails to be a congruence. 



6. Conclusion 

We have presented an axiomatisation of strong bisimilarity on a small subcalculus of 
CCS, and a new congruence result for the 7r-calculus. 

Technically, the notion of mutual desynchronisation is related to substitution closure of 
strong bisimilarity, as soon as substitutions can create new interactions by identifying two 
names. 

We have shown in Sect.[5]that there exists no mutual desynchronisation in ttq, and that 
~ g is a congruence. It appears that in finite calculi, mutual desynchronisations give rise 
to counterexamples to substitution closure of strong bisimilarity (cf. Sect. B~T]) . The situa- 
tion is less clear when infinite behaviours can be expressed. For instance, in the extension 

of /iCCS with replication, the process P d = la \ !6 is bisimilar to process Q d = \a.b | !6.a, 
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which leads to a mutual desynchronisation: we have Q -^>— > = Q — >A = Q. This mutual 
desynchronisation is however 'benign': by firing concurrently the two prefixes that iniate 
the mutual desynchronisation, we obtain a \ b \ P which is bisimilar to P, so that this situ- 
ation is not problematic w.r.t. substitution closure (we may moreover remark that the two 
aforementioned processes remain bisimilar when b is replaced with a). We do not know at 
present whether ~ is substitution-closed in this extension of /uCCS. 

Some subcalculi of the 7r-calculus where strong bisimilarity is a congruence are ob- 
tained by restricting the output prefix [15]. In the asynchronous ir-calculus (Air), mutual 
desynchronisations do not appear, basically because the output action is not a prefix. Strong 
bisimilarity is a congruence on Air. In the private ir-calculus (Pir), since only private names 
are emitted, no substitution generated by a synchronisation can identify two previously dis- 
tinct names. Hence, although mutual desynchronisations exist in Pir (due to the presence 
of the sum operator), strong bisimilarity is not substitution closed, but is a congruence. 
Indeed, to obtain the latter property, we only need to consider the particular substitutions 
at work in Pir, which cannot identify two names. 

Regarding future extensions of this work, we would like to study whether our approach 
can be adapted to analyse weak bisimilarity in ttq (as mentioned in Remark 12.81 strong 
and weak bisimilarity coincide in ^CCS). Another interesting direction, as hinted above, 
would be to study strong bisimilarity on infinite, restriction-free calculi (in CCS and the 
7r-calculus) . 
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